McAfee’s Q2 Threat Report covers a lot of ground: it assesses malware, ransomware, mobile malware and other threats, tracks the rise of script-based malware, offers threat hunting best practices, analyzes the WannaCry and NotPetya ransomware, and examines attacks across industries.
What stands out the most? Facebook has become a notable attack vector. That's not good.
Here’s more bad news:
- Healthcare accounted for 26 percent of Q2 2017 security incidents.
- New malware samples were up 67 percent in Q2 to 52 million.
- Faceliker, which infects a user’s web browser to hijack Facebook ‘likes’ to falsely promote content, accounted for nearly 9 percent of the quarter’s newly detected malware.
- Mobile malware grew 61 percent in the past four quarters.
- Global infections of mobile devices rose by 8 percent; Asia climbed by 18 percent.
- New macro malware rose by 35 percent; new ransomware grew by 54 percent.
- PowerShell script-based malware increased by 1385 percent over the last two years.
The good news:
- Mac OS malware growth declined to 4 percent as the adware surge ebbed.
- McAfee suggests threat hunting best practices.
- Forewarned is forearmed.
McAfee also dives into malware threats and incidents during Q2:
Security incidents, targets:
- Publicly disclosed security incidents increased 3 percent to 311 in Q2, of which 78 percent took place in the Americas.
- The health, public, and education sectors accounted for more than 50 percent of total incidents in 2016-2017 worldwide.
- In North America, healthcare sector attacks led vertical sectors in Q2 security incidents in the Americas.
- In Asia, the public sector led in reported Q2 incidents, followed by financial services and technology.
- In Europe, the public sector led, followed by entertainment, health, finance, and technology.
Attack vectors, malware types:
- Account hijacking led disclosed attack vectors, followed by DDoS, leaks, targeted attacks, malware and SQL injections.
- The total number of malware samples grew by 23 percent in the past four quarters to about 723 million samples.
- Ransomware samples grew by 47 percent in the past four quarters to 10.7 million samples.
- Total mobile malware is up 61 percent in the past four quarters to 18.4 million samples.
- Some 91,000 new mobile malware samples raised the overall count to 1.1 million.
- The Gamut botnet continues to spam with job-related junk and phony pharmaceuticals. The Necurs botnet was the most disruptive, pushing multiple pump-and-dump stock scams during the quarter.
There’s more: In this blog, McAfee revisits WannaCry and NotPetya. The security provider also examines script-based malware and offers suggestions for threat hunters. For some more perspective, here's what two McAfee executives had to say about malware:
On WannaCry and NotPetya: “We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.” -- Raj Samani, McAfee chief scientist.
On threat hunting: “One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organization’s preventive security measures.” -- Ismael Valenzuela, McAfee threat hunting, security principal engineer.